Use ZAP to Find Dangerous or Harmful Apps Installed on iOS Devices

Do you think smartphones are absolutely safe and free from any form of viruses, trojans and malware? A trojan targeted Android a couple of years ago, if you remember. The same happened with the iPhone in 2009. Sure, folks at Google and Apple are working round the clock to strengthen the security walls of their mobile OS, but these walls are constantly knocked down or jumped over by hackers.

Let’s talk about iOS apps that are generally considered safe, as they have to go through Apple’s strict guidelines before entering the App Store. We all have apps — free and paid ones — installed on our iOS devices. Some are popular, and some not so. Let’s keep the popularity of these apps aside, and look at what really happens in the background. Do these apps send our username to their servers? What about our passwords? Our friends’ phone numbers added in our address book? Are all these data transmitted through apps? ZAP tries to answer all these questions.

ZAP searches and scans our apps and mobile traffic.

Searching apps:

Enter the name of the app and wait for the results page to appear. This page shows interesting insights and nitty-gritty details about the app. It also assigns a security score. For instance, the Angry Birds (iOS) game has a security/privacy risk of 42/100. We don’t think that’s a good number.

The results page provides the following details:

Authentication: Does the application send your username or password in clear text, or does it use a weak encoding method?

Device metadata leakage: Does the application leak your device’s UDID and other important data?

Exposed content: Does the application communicate with other apps to bring advertisements that you are likely interested in?
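To make the authentication and device metadata checks concrete, here is an added example (not ZAP's code or algorithm, which the article does not describe) that flags the same kinds of issues in captured requests. The sample traffic, host names, finding labels and the 40-hex-digit UDID pattern are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample traffic (not real captures): (method, url, headers, body)
SAMPLE_REQUESTS = [
    ("POST", "http://api.example-game.test/login", {},
     "username=alice&password=hunter2"),
    ("POST", "https://api.example-game.test/login", {},
     "username=alice&password=hunter2"),
    ("GET", "http://api.example-game.test/feed",
     {"Authorization": "Basic " + base64.b64encode(b"alice:hunter2").decode()},
     ""),
    ("GET", "https://ads.example-adnet.test/track?udid=" + "a1b2c3d4e5" * 4,
     {}, ""),
]

CRED_KEYS = {"username", "user", "password", "passwd", "pwd"}
UDID_RE = re.compile(r"\b[0-9a-fA-F]{40}\b")  # assumption: 40-hex-digit UDID


def analyze(method, url, headers, body):
    """Return a sorted list of finding labels for one captured request."""
    findings = set()
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query) + parse_qsl(body))
    cleartext = parts.scheme == "http"

    # Authentication: credential fields sent over an unencrypted connection.
    if cleartext and CRED_KEYS & {key.lower() for key in params}:
        findings.add("auth:cleartext-credentials")

    # Authentication: HTTP Basic is base64, an encoding and not encryption.
    auth = headers.get("Authorization", "")
    if cleartext and auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode("utf-8")
            if ":" in decoded:
                findings.add("auth:weak-encoding")
        except ValueError:  # not valid base64 / not text: nothing to report
            pass

    # Device metadata: a UDID-shaped value leaves the device, even over HTTPS.
    if UDID_RE.search(url) or UDID_RE.search(body):
        findings.add("metadata:udid")
    return sorted(findings)


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request[0], request[1][:45], "->", analyze(*request))
```

The HTTPS login produces no finding because the credentials are protected in transit, while the UDID request is flagged despite HTTPS because the identifier still reaches a remote server.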

Scan apps:

In the scan section, you have to enter the URL of the iTunes App Store app or Android app available in the Google Play store. ZAP will analyze the app using its intelligent algorithm and display the result. There’s also an option to install an SSL certificate to analyze the encrypted outgoing traffic of your iPhone, iPad and iPod Touch.

Apple doesn’t approve all the apps supplied to the App Store. They filter out the bad apps — these are the ones that fail to comply with Apple’s strict guidelines. Despite that, there are many fake apps making their way into the closed doors of iOS, and some of them are plain creepy. They want your information. This may not be hacking in the true sense, but if apps collect our information without our permission, it’s a clear breach of privacy.

Viruses, trojans and malware are not a thing of the past yet. They are very much alive today, both on PCs and smartphones. ZAP tries to create awareness, but the score assigned to Angry Birds caught us by surprise. Next we analyzed several apps, and every one of them seems to compete against Angry Birds — all of them had a risk score of at least 30. We wish ZAP could reveal more information, and tell us if it is safe to download a particular app or not. Right now, we don’t think we will rub Angry Birds out of our iPhone.